- Ops.group published a report on GPS spoofing back in 2024.[1] It's bad. Ops.group is an organization for dispatchers and pilots, the people who decide the routes aircraft take and fly them. They are really angry about it. Key concerns:
- The greatest safety concern is the degraded functionality of the Ground Proximity Warning System (GPWS). The system does not operate correctly after spoofing, even if GPS coverage is restored. The number of false alerts is astounding. ...
- A similar concern is the significant possibility of the GPS Receiver appearing normal to flight crew after spoofing, but in reality being contaminated with false data. ...
- This year, a 500% increase in spoofing has been observed. On average 1500 flights per day are now spoofed, versus 300 in Q1/Q2 of 2024...
They included maps. Most of the Middle East and parts of Eastern Europe no longer have useful GPS coverage. It's not just jamming. There's active spoofing, which sends out false position info.
And this was before the Iran war.
Before this, everybody in the industry thought GPS solved the aerial navigation problem. In the US, the FAA wanted to shut down many of the old radionavigation aids. Now, there's a lot more interest in improving the other systems. The military wants to go mostly inertial and is working on better inertial systems.
[1] https://ops.group/dashboard/wp-content/uploads/2024/09/GPS-S...
- > Before this, everybody in the industry thought GPS solved the aerial navigation problem.
Many people in industry believed this but no one with a brain ever did. The vulnerability of GPS has been cause for concern for a long time, and the decimation of the VOR network has always had a lot of people up in arms.
- It seems like we have enough satellites in space that are giving off enough unique signals that we could put together a device that solves the GPS problem without needing GPS itself. I wonder what it would take.
- It would take those devices having synchronized atomic clocks, which they do not.
- Atomic clocks are not precise enough; they need nuclear clocks, which are not developed yet: https://thoriumclock.eu/
- GPS uses atomic clocks, not sure why we'd need something more precise for a timing reference on any other satellite system, unless you wanted to get like millimeter-level accuracy using nothing but satellites (and that would require a lot more than just a better clock on the sats).
- The clocks aren’t even the biggest source of error in the pseudo ranges.
- Is it really not possible to converge a location from implicit signals like frequency shift from relative motion? My intuition, maybe wrong, is that with enough compute and a thorough enough ephemeris of what should be broadcasting what, you could derive location.
- Your argument needs to be why it is practical in a smallish device, not that it seems possible.
Like you first have to infer what satellite you are even measuring, before you can decide where it might be.
- Disagree. If the objection is just cost/complexity, that’s really just a statement of how long until it’s practical. GPS itself was computationally impossible in the 1950s.
If the math works, and it’s just the domain of one-off ridiculously expensive devices today, it’s inevitably feasible in the long run.
- Bigger WTF is why critical systems still use unencrypted GPS signals. It is like using plain SMTP emails for banking transactions, and relying on "sender" for authentication.
- An even bigger WTF is why GPS data isn't signed with some official key so spoofing is impossible.
- Galileo already contains this function for the navigation message via OSNMA, and GPS CHIMERA is soon to be operational, with the latter actually including cryptographic "signatures" in the spreading code itself, so if you use these two constellations you become much harder to spoof.
Of course, they don't protect against jamming.
- Because an attacker can just replay legitimate broadcasts with slightly skewed time and origin and introduce huge errors into the fix.
- >> An even bigger WTF is why GPS data isn't signed with some official key so spoofing is impossible.
> Because an attacker can just replay legitimate broadcasts with slightly skewed time and origin and introduce huge errors into the fix.
Galileo uses a signing system (Timed Efficient Stream Loss-Tolerant Authentication, TESLA) to protect the authenticity of its messages, including preventing replays:
* https://gssc.esa.int/navipedia/index.php/Galileo_Open_Servic...
* https://datatracker.ietf.org/doc/html/rfc4082 (TESLA)
* https://people.eecs.berkeley.edu/~tygar/papers/TESLA_broadca...
* https://users.ece.cmu.edu/~adrian/projects/stream/node1.html
- I don't think this helps against someone receiving the signals (all satellites) and rebroadcasting them. The effect of that would be that any receiver of those rebroadcast signals will believe they are located where the receiver of the rebroadcast is located (just the time is slightly off/late, but that doesn't help much without a reference to check against.)
- > […] (just the time is slightly off/late, but that doesn't help much without a reference to check against.)
The 'time sync' does not need to be done in the same absolute sense (time_t is the same everywhere), but only in the relative sense:
* https://datatracker.ietf.org/doc/html/rfc4082#section-3.3.1
> Various approaches exist for time synchronization [15,16,17,18]. TESLA only requires the receiver to know an upper bound on the delay of its local clock with respect to the sender's clock, so a simple algorithm is sufficient.
Knowing the (rough) broadcast delay from sender to receiver is sufficient.
- It's been a few years since I've worked with this stuff but I'm under the impression that you can do this sort of replay only for a short amount of time. If so, is there a point?
If the receiver expects a key to have been revealed at a particular timestep, it won't accept a replayed message with that key after that, so you can't record and replay indefinitely.
EDIT: Unless you indeed meant to instantly replay - would the receiver accept the highest strength signal, ie. yours?
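The delayed-key-disclosure mechanism the last few comments are arguing about, as an added example (not code from the thread, from RFC 4082 or from Galileo's OSNMA): a sender MACs each interval's messages with a key from a one-way hash chain and discloses that key two intervals later; a receiver buffers a message only if, given an upper bound on its own clock error, the key cannot have been disclosed yet, then authenticates it once the key arrives. The interval length, disclosure lag, chain length, clock bounds and timestamps are constructed demo values; the scenario shows a genuine stream being accepted, a late replay and a forgery with a disclosed key being rejected, and a receiver whose clock bound exceeds the disclosure lag being unable to accept anything.

```python
import hashlib
import hmac
import os

INTERVAL_S = 1.0      # constructed: length of one TESLA interval in seconds
DISCLOSURE_LAG = 2    # d: the key of interval i is disclosed in interval i + d
CHAIN_LEN = 16        # constructed: number of usable intervals in the key chain


def f(key):
    """One-way function used to walk the key chain (K_i = F(K_{i+1}))."""
    return hashlib.sha256(b"chain|" + key).digest()


def f_prime(key):
    """Derive the per-interval MAC key from the chain key (RFC 4082's F')."""
    return hashlib.sha256(b"mac|" + key).digest()


def interval_at(t, start):
    """Interval index for time t; intervals are numbered from 1."""
    return 1 + int((t - start) // INTERVAL_S)


class Sender:
    def __init__(self, start_time, seed=None):
        chain = [seed or os.urandom(32)]
        for _ in range(CHAIN_LEN):
            chain.append(f(chain[-1]))
        self.keys = chain[::-1]   # keys[i] is K_i; keys[0] is the public commitment
        self.start = start_time

    def commitment(self):
        return self.keys[0]

    def broadcast(self, payload, t):
        i = interval_at(t, self.start)
        mac = hmac.new(f_prime(self.keys[i]), payload, hashlib.sha256).digest()
        j = i - DISCLOSURE_LAG   # key disclosed in this packet, if any
        return {"interval": i, "payload": payload, "mac": mac,
                "disclosed": (j, self.keys[j]) if j >= 1 else None}


class Receiver:
    def __init__(self, commitment, start_time, clock_error_bound_s):
        self.verified = {0: commitment}   # chain index -> verified key
        self.start = start_time
        self.eps = clock_error_bound_s    # upper bound on local clock error
        self.pending = []                 # (interval, payload, mac) awaiting key
        self.accepted = []

    def receive(self, packet, local_time):
        i = packet["interval"]
        # Security condition: the sender cannot yet have disclosed K_i, judged
        # with the worst-case (fastest) value our own clock might have.
        latest_sender_interval = interval_at(local_time + self.eps, self.start)
        if latest_sender_interval >= i + DISCLOSURE_LAG:
            verdict = "rejected: key may already be disclosed"
        else:
            verdict = "buffered"
            self.pending.append((i, packet["payload"], packet["mac"]))
        if packet["disclosed"]:
            self._learn_key(*packet["disclosed"])
        return verdict

    def _learn_key(self, idx, key):
        last = max(self.verified)
        if idx <= last:
            return
        ks = [key]                          # ks[j] should be K_{idx-j}
        for _ in range(idx - last - 1):
            ks.append(f(ks[-1]))
        if f(ks[-1]) != self.verified[last]:
            return                          # does not chain to a verified key
        for j, k in enumerate(ks):
            self.verified[idx - j] = k
        still = []
        for i, payload, mac in self.pending:
            if i <= idx:
                exp = hmac.new(f_prime(self.verified[i]), payload, hashlib.sha256).digest()
                if hmac.compare_digest(exp, mac):
                    self.accepted.append(payload)
            else:
                still.append((i, payload, mac))
        self.pending = still


def run_scenario():
    """Constructed timeline: honest stream, late replay, forgery, sloppy clock."""
    start = 0.0
    sender = Sender(start, seed=b"\x01" * 32)   # fixed seed for reproducibility
    honest = Receiver(sender.commitment(), start, clock_error_bound_s=0.1)
    sloppy = Receiver(sender.commitment(), start, clock_error_bound_s=2.5)
    log = {}
    p1 = sender.broadcast(b"ephemeris-1", 0.2)   # interval 1
    log["honest_p1"] = honest.receive(p1, 0.2)
    log["sloppy_p1"] = sloppy.receive(p1, 0.2)   # bound > d*interval: unusable
    honest.receive(sender.broadcast(b"ephemeris-2", 1.2), 1.2)
    p3 = sender.broadcast(b"ephemeris-3", 2.2)   # interval 3 discloses K_1
    honest.receive(p3, 2.2)
    log["replay_p1"] = honest.receive(p1, 2.5)   # replayed after K_1 is public
    forged = {"interval": 1, "payload": b"bogus", "disclosed": None,
              "mac": hmac.new(f_prime(p3["disclosed"][1]), b"bogus", hashlib.sha256).digest()}
    log["forged"] = honest.receive(forged, 2.6)  # built with the disclosed K_1
    honest.receive(sender.broadcast(b"ephemeris-4", 3.2), 3.2)  # discloses K_2
    log["accepted"] = honest.accepted
    return log
```

The point the thread is circling: the security condition only rejects packets that arrive after their key could have been published, so the receiver's clock bound must be comfortably smaller than the disclosure lag, and a replay made within that window is indistinguishable from the genuine signal.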
- I did indeed mean instant replay, and yeah the better your clock in the receiver the narrower the window of delay that the spoofer has to work with. If you can get the time from a 5G network or NTP down to 10ms, that'd mean you can detect being spoofed at >=3km distance if the spoofer has 0 delay (which is doable with a plain analog rebroadcast).
- Nobody would send a military vehicle (manned or drone) without initializing a proper clock; the replays would be stale.
- You're overestimating how precise the clocks in normal electronic devices are. A typical PC clock is +/-100ppm. After 1 hour that's 0.36s, which is roughly 100km in distance. A good electronic clock is a tenth that. An OCXO is in the 1ppm range, but that's still a kilometre per hour.
There's a reason GPS satellites are used as reference clock for PPS, PTP and NTP. A naval vessel you could carry a Rubidium clock on, I guess. But on ground vehicles or mobile receivers... nope.
[ed.: OCXOs aren't that large, 1cm^3 box ballpark, too large* for a smartphone or laptop but not a problem on larger quadcopters, cars or military radio equipment. And 1ppm is long term drift, you can try compensating a bit beyond that, so - I guess it's a question of spending the money and energy** on OCXOs.
* thick specifically, can't easily be made thin AFAIK
** the first O there is Oven - roughly 0.5W continuous draw.]
- > A typical PC clock is +/-100ppm. After 1 hour that's 0.36s
Are you confident in these numbers? They add up to 52 minutes of drift/year.
Good modern quartz watches specify 5 seconds/year drift, almost 3 orders of magnitude better.
- Yes, albeit 100ppm is bad/cheap crystals. 50-30ppm is normal.
The difference with a quartz watch is that it's factory calibrated with the load capacitance on the crystal, and that it's a 32768Hz tuning fork. For a variety of reasons, generating higher frequency clocks off 32768Hz is... "annoying" (huge PLL ratio, very slow feedback loop step), and typical crystals in the 10-100MHz range are just less precise and thermally stable. (Not sure why, I'm not an oscillator manufacturer...)
(NB: you can of course correct for initial deviation in software. The actual problem is stability over temperature.)
Ed.: https://www.digikey.com/en/products/filter/crystals/171 (or, in the hopes the filter on the link works, https://www.digikey.com/en/products/filter/crystals/171?s=N4... ) - look at the options and prevalence for frequency stability & tolerance.
Ed.2: a wristwatch also benefits from being kept at constant-ish body temperature.
- > typical crystals in the 10-100MHz range
I think most quartz watches oscillate at 32 kHz = 2^15 Hz, high precision quartz watches at 8.4 MHz = 2^23 Hz.
> The actual problem is stability over temperature
Apparently, designers of these watches are compensating for that somehow: https://en.wikipedia.org/wiki/Quartz_clock#Thermal_compensat...
> benefits from being kept at constant-ish body temperature
Some people take off their watches every day before going to sleep.
These high-end quartz oscillators are probably too expensive to use in commodity computers. Still, the cost shouldn’t look too bad when compared to the price of an airplane, marine vessel, or most military equipment.
- add on top of this that oven controlled crystal oscillators (or any more performant technologies if affordable) would be selected by militaries...
- I'm unaware of any technology between OCXOs and Rb standards. The latter have gotten smaller but not tiny and also need quite a bit of ongoing maintenance and calibration.
- Just because we can't solve all current problems doesn't mean we shouldn't solve any current problems.
If you want to prevent replaying as well, add a counter.
- > Just because we can't solve all current problems doesn't mean we shouldn't solve any current problems.
Obviously not, but solving problems is always a cost benefit and we went from all spoofing is impossible to some spoofing is possible. What is the benefit of doing this and what is the cost?
> If you want to prevent replaying as well, add a counter.
It's not clear that would be able to prevent spoofing if the attacker could overwhelm and degrade the real signal.
- Why would that make spoofing impossible?
- Because attackers wouldn't be able to send legitimate-looking data to GPS receivers any more.
- Yes that's what spoofing is, but why wouldn't they be able to?
(EDIT: I see the other reply thread is already asking the same thing, didn't intend to ask about the same thing)
- Because, due to how cryptography works, nobody other than the entity holding the signing key (ie the one that deployed the satellites) can produce valid signatures for that key.
- They're falling back to the C/A (coarse, civilian) signal. Part of the attack is to drown out the frequency where the P (fine, military) signal is so they can more easily attack the civilian signal.
There's another frequency they could be using that is higher power but hasn't been put into production yet.
- > spoofing
I don't understand how "spoof-to" works. If you have to mimic a satellite then isn't everyone going to get a different location? Unless you're tracking a specific target how can you intentionally spoof them to a desired location? I'd assume the best you could do is create a fixed offset.
> The military wants to go mostly inertial and is working on better inertial systems.
Given the drift rate this is an idea for munitions but exceptionally difficult to actually operate in a vehicle.
- There are low-drift-rate inertial solutions, but they have high cost and big size (i.e. laser gyroscopes and accelerometers, with atomic clocks).
So I assume that the research effort is directed towards reducing the cost and size.
- Clock bias.
Because the clocks internal to GNSS receivers are not that accurate, if they're not at the "targeted" location they'll see that all satellites are off by a given time offset, and think that their clock is just off by that much.
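The clock-bias effect this reply describes, as an added example (not code from the thread or from any receiver firmware): a pure-Python single-epoch pseudorange solver (four unknowns, x, y, z and clock bias, by Gauss-Newton from the Earth's centre), run once on honest measurements and once on signals captured at another antenna and rebroadcast with a common extra delay. Satellite positions, receiver locations, clock offsets and the replay delay are constructed values in kilometres and seconds. It also includes the check the thread's "better clock in the receiver" argument amounts to: flag the fix when the solved bias exceeds what an independent time reference allows.

```python
import math

C_KM_S = 299792.458  # speed of light in km/s

# Constructed satellite positions (km, Earth-centred frame) with reasonable geometry
SATS = [(26000.0, 0.0, 0.0), (18000.0, 18000.0, 0.0), (18000.0, -12000.0, 13000.0),
        (17000.0, 5000.0, -19000.0), (20000.0, -9000.0, -9000.0)]


def dist(a, b):
    return math.sqrt(sum((a[k] - b[k]) ** 2 for k in range(3)))


def pseudoranges(sats, antenna_pos, total_delay_s):
    """Pseudoranges seen by a receiver whose clock is total_delay_s ahead of
    system time. For a replayed signal, antenna_pos is where the signals were
    captured and total_delay_s also contains the replayer's extra delay, which
    is the same for every satellite and therefore looks like clock bias."""
    return [dist(s, antenna_pos) + C_KM_S * total_delay_s for s in sats]


def solve_linear(A, b):
    """Gaussian elimination with partial pivoting for a small square system."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            factor = M[r][col] / M[col][col]
            for c in range(col, n + 1):
                M[r][c] -= factor * M[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x


def solve_fix(sats, prs, iters=25):
    """Gauss-Newton on p_i = |S_i - P| + b; returns ((x, y, z) km, bias s)."""
    x = [0.0, 0.0, 0.0, 0.0]  # start at Earth centre with zero bias (km)
    for _ in range(iters):
        H, r = [], []
        for s, p in zip(sats, prs):
            rho = dist(x, s)
            H.append([(x[k] - s[k]) / rho for k in range(3)] + [1.0])
            r.append(p - (rho + x[3]))
        n = len(H)
        HtH = [[sum(H[m][i] * H[m][j] for m in range(n)) for j in range(4)] for i in range(4)]
        Htr = [sum(H[m][i] * r[m] for m in range(n)) for i in range(4)]
        dx = solve_linear(HtH, Htr)
        x = [x[i] + dx[i] for i in range(4)]
        if math.sqrt(sum(d * d for d in dx)) < 1e-9:
            break
    return (x[0], x[1], x[2]), x[3] / C_KM_S


def bias_is_plausible(bias_s, clock_bound_s):
    """True if the solved clock bias is within what an external reference allows."""
    return abs(bias_s) <= clock_bound_s


def demo():
    victim = (6371.0, 0.0, 0.0)      # constructed: receiver on the Earth's surface
    victim_clock_s = 2e-4            # constructed: receiver clock 200 us fast
    replayer = (6371.0, 50.0, 0.0)   # constructed: capture antenna 50 km away
    replay_delay_s = 1e-3            # constructed: capture -> rebroadcast -> victim delay
    bound_s = 5e-4                   # constructed: trust placed in an independent clock
    honest = solve_fix(SATS, pseudoranges(SATS, victim, victim_clock_s))
    replayed = solve_fix(SATS, pseudoranges(SATS, replayer, victim_clock_s + replay_delay_s))
    return {"honest_pos": honest[0], "honest_bias_s": honest[1],
            "honest_ok": bias_is_plausible(honest[1], bound_s),
            "replayed_pos": replayed[0], "replayed_bias_s": replayed[1],
            "replayed_ok": bias_is_plausible(replayed[1], bound_s)}
```

The replayed fix lands on the capture antenna and the whole extra delay shows up as bias; the receiver cannot tell that apart from its own clock being wrong unless it has an external time reference whose accuracy (times c) is finer than the delay.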
- You mimic several satellites
- GPS tampering “data” from a company whose upcoming tech is advertised to solve the problem their data shows is indeed a problem, and coincidentally also raised their 170M series C
- Competing with four free GNSS constellations is an interesting business model for sure...
- I would guess the business model is 'pay us and we'll give you the encryption key to our coded transmissions'.
Those coded transmissions are far harder to jam unless you have the key. So it's all about selling to as many customers as possible whilst having not a single customer leak the key.
That's why militaries use keys that rotate daily and won't let anyone else use the military signal.
- Why wouldn't they use public key cryptography for that?
- Your satellite doesn't want to be sending out lots of different signals - due to a limited power budget.
So you have to send out one (or maybe a couple) of signals protected by a key.
Yes, you can distribute that key individually to clients using public key cryptography over the same link (and many services like pay TV do exactly that).
But fundamentally any client who is able to decrypt the main stream can also share the key with someone evil who can use that info to jam the same stream.
- Isn’t this the exact problem tree-based broadcast encryption schemes were designed to solve? You could surgically revoke the keys of a bad actor, and I’m not exactly sure, but I think the scope of their ability to affect the jamming resistance of other users is necessarily limited by the tree.
- Indeed you can revoke anyone's keys any time with such a scheme. But a single leaked and unrevoked key is still enough to jam it for everyone.
Obviously you could have some "revoke each players keys in turn until the jamming stops" scheme, but it seems suboptimal.
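The tree-based scheme the two comments above are discussing, as an added example (not code from the thread or from any GNSS operator): the complete-subtree method, where every user holds the keys of the nodes on its path to the root and a stream key is wrapped under the keys of the maximal subtrees that contain no revoked user. Key wrapping here is a toy XOR with a SHA-256 pad, the master secret and stream key are constructed values, and the user count must be a power of two; the demo revokes one leaked key and confirms that only that user loses access.

```python
import hashlib


def node_key(master, node):
    """Key of a tree node, derived from the constructed master secret."""
    return hashlib.sha256(master + node.to_bytes(4, "big")).digest()


def root_path(n_users, user):
    """Heap-indexed nodes from the user's leaf (n_users + user) up to root 1."""
    node = n_users + user
    path = []
    while node >= 1:
        path.append(node)
        node //= 2
    return path


def user_keys(master, n_users, user):
    """Everything a user is provisioned with: one key per node on its path."""
    return {node: node_key(master, node) for node in root_path(n_users, user)}


def cover(n_users, revoked):
    """Maximal subtrees containing no revoked leaf: unmarked children of nodes
    on the union of the revoked users' root paths."""
    if not revoked:
        return [1]
    marked = set()
    for u in revoked:
        marked.update(root_path(n_users, u))
    result = []
    for node in marked:
        for child in (2 * node, 2 * node + 1):
            if child < 2 * n_users and child not in marked:
                result.append(child)
    return sorted(result)


def _wrap(node_k, data):
    """Toy key wrap: XOR with a pad derived from the node key (self-inverse)."""
    pad = hashlib.sha256(b"wrap|" + node_k).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def encrypt_for_all_but(master, n_users, revoked, stream_key):
    """Header: the stream key wrapped once per cover node."""
    return {node: _wrap(node_key(master, node), stream_key) for node in cover(n_users, revoked)}


def decrypt(my_keys, header):
    """A user unwraps with whichever of its path keys appears in the header."""
    for node, k in my_keys.items():
        if node in header:
            return _wrap(k, header[node])
    return None


def demo():
    n = 8
    master = b"\x07" * 32            # constructed master secret
    stream_key = bytes(range(32))    # constructed 32-byte stream key
    leaked_user = 3                  # the key we want to revoke
    header = encrypt_for_all_but(master, n, {leaked_user}, stream_key)
    can_decrypt = {u: decrypt(user_keys(master, n, u), header) == stream_key for u in range(n)}
    return {"cover": sorted(header), "can_decrypt": can_decrypt}
```

Revoking r users costs at most r * log2(N / r) wrapped copies in the header, which is what makes revocation "surgical"; it does nothing about a revoked-but-still-transmitting key until the revocation actually reaches the header, which is the gap the reply above points at.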
- > jam the same stream.
To add to that, other people won't be able to spoof the original stream (as that needs the private key), but instead only jam it.
It would be the same failure mode as SSL certificates.
- In the case of gnss systems, you can also spoof the stream, since the interesting bit of the stream is not the data contained inside, but instead the relative time of arrival of different streams from different satellites.
An attacker can record the streams and replay them milliseconds later.
A client can protect against this if they have an atomic clock, but that's only for clients willing to pay a decent amount.
- No they're harder to spoof. Jamming is easy, but requires more power to achieve a desired effect and as they note they're planning to operate a low altitude constellation with closer transmitters as a result, so harder to swamp the signal for the receiver.
- And starlink...
- > Gunning says that, with the superior strength of the PNT signal transmitted by the company's planned LEO constellation, existing jammers would only be able to affect about 5% of the area they can currently disrupt. "The effect of the jamming is going to be reduced to a smaller radius," Gunning said. "The degradation area will go down, and the full lock-out radius will also go down."
Will this suddenly make offending countries scramble for an alternative?
- Is GNSS jamming really as bad a problem as the article makes it seem?
The article itself reads like guerilla advertising so I'm inclined not to take it at face value.
- Veritasium did a video a few weeks ago about scientists trying to figure out where a space based GPS jamming signal came from. https://www.youtube.com/watch?v=tz23G_UXCGA
- I've stopped watching Veritasium after the PE buyout. All of a sudden I'm deeply suspicious of their content and I'm left wondering if there is some Ulterior Motive that we are not aware of.
- Always had a strange feeling watching that channel, something feels off somehow. Anyway, didn't the video also mention GPS basically has the same capability (to be weaponised)? Seems trivial and logical… it's a transmitter… just transmit noise or spoofed signals. Another thing I see pop up here in the comments is about encryption. Critical infra usually is not encrypted because you need to be able to receive it in critical conditions, by simple means. These infras have been steadily replaced by ‘hightech secure’ stuff in the west (like c2000…) but here in Asia I can still get a weather-fax image using a 5 dollar radio.
- I also read the same guerilla advertising for an alternative between the lines. If I understood it correctly from the article, the alternative itself is basically more of the same, but with a stronger signal.
So they basically will launch 300 satellites with an alternative that will face the exact same issues once jamming output signals increase too?
- > with an alternative that will face the exact same issues once jamming output signals increase too?
Encryption and LEO make this significantly harder to jam. I see value in it.
- https://app.media.ccc.de/v/39c3-who-cares-about-the-baltic-j... [video]
39C3: "Who cares about the Baltic Jammer?" / "Terrestrial Navigation in the Baltic Sea Region"
First few minutes give a summary, remainder is about DLR's attempt to fix it.
Also, https://gpsjam.org/ (ADS-B data from planes, hence limited coverage area.)
- In some parts of the world, it's getting bad. My partner is Lithuanian, and she/we go back there often. They're having a lot of issues there because of Russia.
- Near a warzone with consumer hardware? Yes.
Military hardware uses different signals, encryption, more advanced receivers, etc etc, but these things are on ITAR lists and not shared with the public.
It's a little surprising to me that there's a commercial venture that has been allowed to provide these things to the public at some point.
- Once again, Russia turns out to be the reason we can't have nice things. War truly is a waste for everyone involved. Now that Russia is also helping North Korea to launch satellites (one so far), expect everything to get worse in the future.
I give it 2-10 years before one of the two threatens an imagined adversary with detonating a nuke in orbit, with the explicit intent of causing Kessler syndrome.
- The article tiptoes around the who and the why but it's pretty clear.
The US has HARM (anti radiation missiles) but it would be very easy for Ukraine, or anyone, to create an inexpensive drone, which you would program with a frequency, a signal strength, and a general direction and send it to ride the radio signal straight to the jammer. Repeat daily as needed.
Anything on the ground transmitting high power on GPS freqs is up to no good for the global community.
- With directional antennas or telescope mounts, it would seem one could do positioning with catalogs of radio pulsars or optical pulsars (with clear skies or above the clouds), by more old-fashioned navigation like once used at sea.
To find your place on the globe you need to know the current time, and the azimuth and elevation of a feature in the astronomical sky.
Since the pulsars have different periods, observing them should allow you to reconstruct the time, and the directions of these emissions then allow you to determine where on the globe you are for such a time.
- > Gunning says that, due to the altitude of the Pulsar-0 satellite, the map may not truthfully reflect where jamming is worst for users on the ground
Right. So have they employed ground truthing to quantify this uncertainty? Truth was important when I went to GIS school.
- https://gpsjam.org/ (ADS-B data from planes, hence limited coverage area.)
- That’s a lot closer-to-the-ground truth. It would be interesting to compare Xona’s map with this, if they provide the actual data.
- > When we fly over North America, for example, we see a beautiful signal all the time
I think by “fly”, they mean several hundred km in the air where you have sharply reduced below-the-horizon blocking.
Anyone got any leads on Doppler shift detecting equipment? Not hard to detect you’re getting spoofed or jammed with based on that. Power levels being all improbable wouldn’t be hard to detect either. Difficult to detect if “tuned” to a particular target but blanket spoofing would be hard.
Then at the consumer level, fallback options exist (hi wifi); but having something more local would be nice. FM radio stations maybe? Can mess with those too ofc. AM systems are already a fallback in aviation for gross navigation.
A private GNSS constellation has very business cases.
- >Anyone got any leads on Doppler shift detecting equipment?
All radio receivers? Detecting the radio doppler frequency shift for satellites is kinda trivial.
Spoofing/jamming systems also trivially include doppler shifts. The more someone is trying to interfere with your specific location, the harder it is to defeat the spoofing.
- Looks like this is mostly marketing for the services of this new constellation...
- This "signal strength" thing doesn't pass a smell check. Whatever transmitter they put on a satellite, Russia can just put a stronger one on their jammers. Any satellite is limited by its space and power budget, terrestrial tech has no such limit.
- US is not even investing in GPS anymore.
Their L5 signal has been in experimental operation for probably over a decade, still "experimental".
- The US invested $8 billion into upgrades... and then killed off the program due to tons of problems with the upgrades[1]:
> However, the program was unable to deliver needed capabilities on an operationally relevant timeline at an acceptable level of risk to meet the GPS constellation modernization needs.
Hopefully the newer equipment and incremental improvements can bridge over to whatever's next.
[1] https://www.spaceforce.mil/News/Article-Display/Article/4465...
- JAM as a Service
- A really good illustration of how vulnerable space based military tech is in practice.
- The worst ad ridden website I’ve ever seen.
- It’s jammed!
- This is a lucid way to think of enshittification in general and of the advertising business in particular: jamming the information signal.
- I honestly see this jamming as a win. GNSS is a global blanket opt-in American spyware.
- GNSS receivers are passive devices that receive beacons broadcasted from the satellites. It's technically impossible to spy on someone with GNSS.
- And 99.99% of those GNSS receivers are connected to the internet. Or are in proximity to an (American controlled/designed) internet connected device.
- If we assume that a person has a phone, which is the majority of these devices, with wifi and bluetooth you don't even need any GNSS.
- My pedantic self says GNSS includes other non-US constellations such as GLONASS, Galileo and Beidou, and they flew those satellites because they don't fully trust US GPS
- Ya I think they meant 'GPS'.